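<?php
	// Gate the whole page on the login flag stored in the session.
	session_start();
	// isset() keeps a visitor with a fresh/empty session from triggering an
	// undefined-index notice before being redirected.
	if (!isset($_SESSION['logd']) || $_SESSION['logd'] != 1) {
	    header("Location:login.php");
	    // A Location header alone does not stop the script: without exit the
	    // rest of this page (including its POST handlers) would still run and
	    // its output would still be sent to the unauthenticated client.
	    exit;
	}
?>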
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Message Hub</title>
<link rel="stylesheet" type="text/css" href="main.css" />
</head>

<body>

   <!-- Begin Wrapper -->
   <div id="wrapper">
   
         <!-- Begin Header -->
         <div id="header">
			<?php
				// Pull the header fragment into the #header container.
				include 'include/header.html';
			?>	
		 </div>
		 <!-- End Header -->
		 
         <!-- Begin Faux Columns -->
		 <div id="faux">
		 
		       <!-- Begin Left Column -->
		       <div id="leftcolumn">
				<?php
					// Render the navigation menu inside the left column.
					include 'include/menu.php';
				?>
		       </div>
		       <!-- End Left Column -->
		 
		       <!-- Begin Right Column -->
		       <div id="rightcolumn">
		       		<?php
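					include('scripts/dbconnect.php');

					/*
					 * POST handling for the contacts page: add/remove a contact and answer
					 * contact requests (accept / reject / accept and add).
					 *
					 * Every value taken from $_POST is attacker-controlled, so it is only ever
					 * passed to the database as a bound parameter, never concatenated into SQL.
					 * The acting user is always taken from the session, never from the request.
					 *
					 * NOTE(review): nothing in this block verifies an anti-CSRF token. The forms
					 * that post to this page are not visible from here - confirm a token is
					 * checked elsewhere, or add one to these state-changing actions.
					 */
					// Accept only a single string for PEID; a missing field or an array
					// (PEID[]=...) is treated as "no action requested".
					$peId				= (isset($_POST['PEID']) && is_string($_POST['PEID'])) ? $_POST['PEID'] : null;
					$contactPeId			= isset($_SESSION['PeId']) ? $_SESSION['PeId'] : null;

					// Without a session user id there is nobody to act on behalf of, so no
					// state-changing statement is run at all.
					if ($peId !== null && $contactPeId !== null) {
						// Prepares $sql (two "?" placeholders), binds both ids as strings and
						// executes it. Returns the executed statement, or false on any failure.
						$runContactStatement = function ($sql, $firstPeId, $secondPeId) use ($db) {
							$stmt = $db->prepare($sql);
							if ($stmt === false) {
								return false;
							}
							$stmt->bind_param('ss', $firstPeId, $secondPeId);
							if (!$stmt->execute()) {
								$stmt->close();
								return false;
							}
							return $stmt;
						};

						// Runs a SELECT and returns how many rows matched, or false on failure.
						$countContactRows = function ($sql, $firstPeId, $secondPeId) use ($runContactStatement) {
							$stmt = $runContactStatement($sql, $firstPeId, $secondPeId);
							if ($stmt === false) {
								return false;
							}
							// num_rows is only populated once the result set is buffered.
							$stmt->store_result();
							$rows = $stmt->num_rows;
							$stmt->close();
							return $rows;
						};

						// Runs an INSERT/UPDATE/DELETE and releases the statement.
						$writeContactRow = function ($sql, $firstPeId, $secondPeId) use ($runContactStatement) {
							$stmt = $runContactStatement($sql, $firstPeId, $secondPeId);
							if ($stmt !== false) {
								$stmt->close();
							}
						};

						/*
						 * This section processes add/remove contacts.
						 * ATTENTION! Here $contactPeId (the logged-in user) is the OWNER of the
						 * contact list and $peId is the contact being added or removed. The names
						 * read the other way around because they were chosen for the
						 * request-handling section further down.
						 */
						$addRemove = (isset($_POST['addRemove']) && is_string($_POST['addRemove'])) ? $_POST['addRemove'] : null;

						// Compare against string literals: bare words (remove / add) are
						// undefined constants and raise an Error on PHP 8.
						if ($addRemove === 'remove') {
							$writeContactRow("DELETE FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ?", $contactPeId, $peId);
						}

						if ($addRemove === 'add') {
							// First check whether the entry already exists; if it does, stop.
							$existingRows = $countContactRows(
								"SELECT OwnerPeId FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ?",
								$contactPeId,
								$peId
							);

							if ($existingRows === 0) {
								// Does the contact already list the owner, and is that entry
								// approved? Only then is the new entry created as approved.
								// Any lookup failure leaves this false (fail closed).
								$reverseApproved	= false;
								$reverseStmt		= $runContactStatement(
									"SELECT Approved FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ?",
									$peId,
									$contactPeId
								);
								if ($reverseStmt !== false) {
									$reverseStmt->bind_result($approvedFlag);
									if ($reverseStmt->fetch() === true && $approvedFlag) {
										$reverseApproved = true;
									}
									$reverseStmt->close();
								}

								if ($reverseApproved) {
									$writeContactRow("INSERT INTO Contacts (OwnerPeId, ContactPeId, Approved) VALUES (?, ?, '1')", $contactPeId, $peId);
								} else {
									$writeContactRow("INSERT INTO Contacts (OwnerPeId, ContactPeId, Approved) VALUES (?, ?, '0')", $contactPeId, $peId);
								}
							}
						}

						/*
						 * This section processes the answers to contact requests:
						 *  - accept          (handle = 1)
						 *  - reject          (handle = 2)
						 *  - accept and add  (handle = 3)
						 * Here $peId is the requester (owner of the pending entry) and
						 * $contactPeId is the logged-in user answering it.
						 */
						$handle = (isset($_POST['handle']) && is_string($_POST['handle'])) ? $_POST['handle'] : null;
						if ($handle !== null) {
							// Authorization check: the pending request must really exist and be
							// addressed to the session user, so a forged POST cannot approve or
							// delete an entry that was never requested.
							$pendingRows = $countContactRows(
								"SELECT OwnerPeId FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ? AND Approved = '0'",
								$peId,
								$contactPeId
							);

							if ($pendingRows === 1) {
								// accept the request (change approved to 1)
								if ($handle === '1') {
									$writeContactRow("UPDATE Contacts SET Approved = 1 WHERE OwnerPeId = ? AND ContactPeId = ?", $peId, $contactPeId);
								}
								// reject the request (delete entry from db)
								if ($handle === '2') {
									$writeContactRow("DELETE FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ?", $peId, $contactPeId);
								}
								// accept the request and add the requester to the viewer's own list
								if ($handle === '3') {
									$writeContactRow("UPDATE Contacts SET Approved = 1 WHERE OwnerPeId = ? AND ContactPeId = ?", $peId, $contactPeId);

									/* Before adding the contact to the viewer's list, make sure the
									 * entry does not exist already. No SQL text is echoed to the
									 * page here: query strings are internal detail and must not
									 * reach the client.
									 */
									$ownRows = $countContactRows(
										"SELECT OwnerPeId FROM Contacts WHERE OwnerPeId = ? AND ContactPeId = ?",
										$contactPeId,
										$peId
									);

									if ($ownRows === 0) {
										$writeContactRow("INSERT INTO Contacts (OwnerPeId, ContactPeId, Approved) VALUES (?, ?, '1')", $contactPeId, $peId);
									}
								}
							} else {
								echo "nice try, skiddie!";
							}
						}
					}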

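					/*
					 * From here down the visible content of the page is generated.
					 *
					 * NOTE(review): the markup returned by getDataDiv() is echoed as-is. Neither
					 * PersonProfile nor ContactRequest is visible from this file - confirm they
					 * HTML-escape every user-supplied profile field.
					 */
					require_once('PersonProfile.php');

					$viewerPeId		= isset($_SESSION['PeId']) ? $_SESSION['PeId'] : null;

					// Only a plain decimal id from the query string is handed to PersonProfile.
					// Presumably that class uses the id in a database lookup (not visible here),
					// so anything that is not purely digits is treated as "no id given".
					$requestedPeId		= null;
					if (isset($_GET['PeId']) && is_string($_GET['PeId']) && preg_match('/\A[0-9]+\z/', $_GET['PeId']) === 1) {
						$requestedPeId	= $_GET['PeId'];
					}

					// Show the profile of one person only if the parameter is set
					if ($requestedPeId !== null && $requestedPeId > 0) {
						$person		= new PersonProfile($requestedPeId, $viewerPeId);
						$person->fetchFriendYesNo();
						$person->fetchShowButton();
						$person->arrangeData();
						echo $person->getDataDiv();
					} else {
						// otherwise, show all contact requests on top of the page...
						echo "<h2>Contact requests</h2>";
						echo "<p>These people would like to have you in their contacts list, so they can send you messages.</p> <hr />";
						include("scripts/dbconnect.php");
						require_once('ContactRequest.php');

						// Runs $sql (one "?" placeholder) with the id bound as a parameter and
						// returns the first selected column of every row. All rows are read and
						// the statement is closed before returning, so the connection is free
						// again when the profile classes are used afterwards.
						$fetchPeIdColumn = function ($sql, $boundPeId) use ($db) {
							$ids	= array();
							$stmt	= $db->prepare($sql);
							if ($stmt === false) {
								return $ids;
							}
							$stmt->bind_param('s', $boundPeId);
							if ($stmt->execute()) {
								$stmt->bind_result($peIdValue);
								while ($stmt->fetch()) {
									// Cast so callers keep receiving ids as strings.
									$ids[] = (string) $peIdValue;
								}
							}
							$stmt->close();
							return $ids;
						};

						$requestArray		= array();
						$requesterIds		= $fetchPeIdColumn(
							"SELECT OwnerPeId FROM Contacts WHERE Approved = 0 AND ContactPeId = ?",
							$viewerPeId
						);
						foreach ($requesterIds as $ownerPeId) {
							$requestArray[]	= new ContactRequest($ownerPeId, $viewerPeId);
						}

						// Iterate by value: a by-reference loop variable would stay bound to
						// the last array element after the loop ends.
						foreach ($requestArray as $request) {
							echo $request->getDataDiv();
							echo "<hr />";
						}
						echo "<hr />";

						// ...and then all people the viewer has in his contacts list.
						echo "<h2>Your contacts</h2>";
						echo "these people are in your contacts, you can write them messages.";
						$contactIds		= $fetchPeIdColumn(
							"SELECT ContactPeId FROM Contacts WHERE OwnerPeId = ?",
							$viewerPeId
						);
						foreach ($contactIds as $listedPeId) {
							$person		= new PersonProfile($listedPeId, $viewerPeId);
							$person->fetchFriendYesNo();
							$person->fetchShowButton();
							$person->arrangeData();
							echo $person->getDataDiv();
						}
					}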
				?>
		       
		       <div class="clear"></div>
			   
		       </div>
		       <!-- End Right Column -->
			   
			   <div class="clear"></div>
			   
         </div>	   
         <!-- End Faux Columns --> 
         <!-- Begin Footer -->
         <div id="footer">
			<?php
				// Pull the footer fragment into the #footer container.
				include 'include/footer.html';
			?>		
         </div>
		 <!-- End Footer -->
     </div>
     <!-- End Wrapper -->
 </body>
</html>

